[c-nsp] Bandwidth shaping/limiting
Dan Brisson
dbrisson at gmail.com
Wed Oct 28 09:28:31 EDT 2015
On 10/28/2015 9:06 AM, daniel.dib at reaper.nu wrote:
>
>
> 2015-10-28 13:37, Mark Tinka wrote:
>> On 28/Oct/15 14:27, Dan Brisson wrote:
>>
>>> I'm hoping to get some feedback on how to limit/shape bandwidth for
>>> customers in a co-lo environment. Currently customers are connected
>>> to Cisco 3750 switches at either 10, 100, or 1Gig depending on what
>>> they purchase for commodity Internet bandwidth. The 10 and 100 is
>>> fine but customers are allowed to purchase in increments between
>>> 100Meg and 1Gig. So because of that, if a customer purchased 300Mb/s,
>>> it would be nice to limit their physical gig port to capping out at
>>> 300Mb/s.
>>>
>>> I know the 3750 line has some shaping capability, but I'm not sure it
>>> can do what I want. And further I'm not sure if it has the buffer
>>> space to do what I want.
>>>
>>> Can someone confirm or deny the capabilities of the Catalyst 3750 line
>>> with respect to this situation? And if the 3750 cannot do what I
>>> need, what should I look at in the Cisco line? Would the ME line of
>>> switches be more appropriate?
>>
>> The only Cisco switches I am aware of that can do egress policing are the
>> ME3600X, ASR920, and whatever runs the SUP-2T (SUP-2T not tested, just
>> based on what others have said).
>>
>> Egress shaping is, IIRC, supported on some of Cisco's desktop switches,
>> but as you say, the limited buffers on these platforms may create some
>> interesting situations in the field.
>>
>> I believe reasonably recent desktop switches from Cisco will support
>> ingress policing, but suggest you check this out before you buy.
>>
>> Mark.
>
> Does each customer have its own VLAN or do they share VLANs? Do you
> care if the customer uses more capacity internally or only towards the
> Internet? Catalyst switches can do ingress policing which would mean
> outbound traffic if you do it on the customer port. It also has egress
> shaping but it uses an algorithm called SRR which is quite different
> to the policy-maps that are used on routers. You could do ingress
> policing on a trunk port but it's quite convoluted to be honest.
>
> Like Mark said you could either move up to some more advanced switch
> such as 4500 or 6880 etc or keep things as is but invest in more
> intelligence at the edge with a box like ASR920 or similar.
>
> Regards,
>
> Daniel
Each customer does have its own VLAN. And the only concern is to/from
the Internet. The customer's routing interface is actually a
subinterface on an ASR1002 (the ASR1002 has a dot1q tagged interface
connected to the 3750 with a tag for each customer's vlan). Maybe a
policy applied to that interface is a better spot? I guess that would
come down to the policing/shaping capabilities of the ASR1002 platform.
Thanks!
-dan